Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
328
Views
0
Helpful
2
Replies

Securing 3750

Go to solution
Danilo Dy
VIP Alumni
VIP Alumni

‎03-30-2007 12:20 AM - edited ‎03-05-2019 03:11 PM

Hi,

If I configure HSRP in vlan interface, which is the best place to put the config below? Physical interface or vlan interface and why?

FYI, I put it in vlan interface because the routing information is there (i.e ip address and HSRP).

!

access-list 30 remark Multicast-filtering-ACL

access-list 30 deny 224.0.1.35 log

access-list 30 deny 224.0.1.60 log

access-list 30 deny 224.0.1.3 log

access-list 30 deny 224.0.1.2 log

access-list 30 deny 224.0.1.22 log

access-list 30 deny 224.0.1.24 log

access-list 30 deny 224.0.0.0 0.0.0.255 log

access-list 30 deny 239.0.0.0 0.255.255.255 log

access-list 30 permit 224.0.0.0 15.255.255.255 log

!

interface physical_or_vlan?

no ip redirects

no ip directed broadcast

no ip mask-reply

no ip unreachables

no ip proxy-arp

ip accounting access-violations

ip multicast boundary 30

no ip mroute-cache

ntp disable

no cdp enable

TIA

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Jon Marshall
Hall of Fame
Hall of Fame

‎03-30-2007 12:27 AM

Hi Danilo

Not sure i fully understand. The layer 3 interface is the SVI so that is the logical place to put the layer 3 access-list that you have created.

When you say the physical interface which physical interface were you thinking of ?

If the physical interface was configured as a routed port then the access-list would go on there but this isn't what you have done.

Could you clarify ?

Jon

View solution in original post

0 Helpful
2 Replies 2

Go to solution
Jon Marshall
Hall of Fame
Hall of Fame

‎03-30-2007 12:27 AM

Hi Danilo

Not sure i fully understand. The layer 3 interface is the SVI so that is the logical place to put the layer 3 access-list that you have created.

When you say the physical interface which physical interface were you thinking of ?

If the physical interface was configured as a routed port then the access-list would go on there but this isn't what you have done.

Could you clarify ?

Jon

0 Helpful

Go to solution
Danilo Dy
VIP Alumni
VIP Alumni
In response to Jon Marshall

‎03-30-2007 12:39 AM

Hi Jon,

Thanks for your reply.

I think you have answered my question. I just tried putting those config in the physical interface, it won't accept it if I don't put routing configuration on it.

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card